---
title: Introduction to Terraform Controller
hide_title: true
---

# Overview

[Terraform Controller](https://github.com/weaveworks/tf-controller) (TF-Controller) is a reliable tool for managing your infrastructure and application resources using the GitOps approach, all at your own pace. An open source project created by Weaveworks, the makers of [Flux](https://fluxcd.io), TF-Controller follows patterns established by Flux and integrates with Weave GitOps. 

TF-Controller makes the following GitOps models available to suit your specific needs:

  * **Drift Detection:** Use GitOps for drift detection so that you can decide which actions to take when drift occurs.
  * **GitOps Automation:** Fully automate the GitOps process, including provisioning and enforcement, for all of your Terraform resources.
  * **Hybrid GitOps Automation:** GitOps-ify certain parts of your existing infrastructure resources, such as a nodegroup or security group in an existing EKS cluster.
  * **State Enforcement:** Use GitOps to enforce an existing `tfstate` without making any other changes.

To get started with TF-controller, simply follow the provided [getting started](get-started-terraform.mdx) guide. You can also find [extensive documentation here](https://weaveworks.github.io/tf-controller/)—it covers API references, CLI references, and [how-to's](https://weaveworks.github.io/tf-controller/use_tf_controller/) for common situations.

With Weave GitOps Enterprise, you can manage `Terraform` objects the same way you can with `Kustomization` and `HelmReleases`:

![WGE Enterprise dashboard showing Terraform view](/img/dashboard-terraform.png)

## Features

  * **Multi-Tenancy**: TF-controller supports multi-tenancy by running Terraform `plan` and `apply` inside Runner Pods.
    When specifying `.metadata.namespace` and `.spec.serviceAccountName`, the Runner Pod uses the specified ServiceAccount
    and runs inside the specified Namespace. These settings enable the soft multi-tenancy model, usable within
    the Flux multi-tenancy setup.
  * **GitOps Automation for Terraform**: Setting `.spec.approvePlan=auto` allows a `Terraform` object
    to be reconciled and act as the representation of your Terraform resources. TF-controller uses the spec of
    the `Terraform` object to `plan` and `apply` its associated Terraform resources. It then stores
    the `TFSTATE` of the applied resources as a `Secret` inside the Kubernetes cluster. After `.spec.interval` passes,
    TF-Controller checks for drift between your live system and your Terraform resources and, if affirmative, automatically generates and applies a plan to correct it.
  * **Drift detection**: Enabled by default, and part of the GitOps automation feature, the controller detects and fixes infrastructure drift based on the Terraform resources and their `TFSTATE`. You can use the field `.spec.disableDriftDetection` to disable this behaviour. Drift detection-only mode, without `plan` or `apply` steps, allows you to perform read-only drift detection.
  * **Plan and Manual Approve**: Separate the `plan` from the `apply` step, just like in the Terraform workflow you are familiar with—but in a GitOps way. When a plan is generated, the controller shows you a message asking if you want to apply it. Optionally create and push the change to a new branch for your team members to review and approve too.
  * **YAML-based Terraform**: The `Terraform` object in v0.13.0+ allows you to better configure your
    Terraform resources via YAMLs, but without introducing any extra CRDs to your cluster.
  * **First-class Terraform Cloud Support:** Use `spec.cloud` to configure `Terraform` objects to use Terraform Cloud as the backend
    for storing the state.

## Dependencies

TF-controller has its own versioning system that is separate from the versioning system used by Weave GitOps.
This means that you can install and use TF-controller independently of Weave GitOps—it will not be affected
by the version of Weave GitOps that you are using.

Here is the dependency matrix:

|   Version   | Terraform | Source Controller | Flux v2 |
|:-----------:|:---------:|:-----------------:|:-------:|
| **v0.14.0** |  v1.3.9   |      v0.35.1      | v0.40.x |
|   v0.13.1   |  v1.3.1   |      v0.31.0      | v0.38.x |
